The healthcare industry giant UnitedHealth Group acknowledged that a ransomware attack on its subsidiary, Change Healthcare, earlier this year resulted in a massive theft of private medical data belonging to millions of Americans. The healthcare data breach has raised serious concerns about cybersecurity and the protection of sensitive personal information.
According to UnitedHealth’s statement on Monday, a notorious ransomware gang successfully infiltrated Change Healthcare’s systems and stole files containing personal data and protected health information that may “cover a substantial proportion of people in America.” The extent of the data breach is still being investigated, and UnitedHealth warned that the review process is “likely to take several months” before affected individuals can be notified.
Change Healthcare: A Central Hub for Medical Data Processing
Change Healthcare plays a critical role in the healthcare ecosystem, processing insurance claims, billing, and other administrative tasks for hundreds of thousands of hospitals, pharmacies, and medical practices across the United States. As a result, the company has access to a vast trove of health information on approximately half of all Americans, making the data breach particularly alarming.
Ransom Paid to Protect Patient Data
In a bold move to safeguard the stolen data, UnitedHealth confirmed that it paid a ransom to the cybercriminals responsible for the attack. Tyler Mason, a UnitedHealth spokesperson, stated, “A ransom was paid as part of the company’s commitment to do all it could to protect patient data from disclosure.” However, the company did not disclose the exact amount paid.
While UnitedHealth has not yet seen evidence of doctors’ charts or complete medical histories being stolen, the investigation is still ongoing. The healthcare data breach has raised concerns about the potential misuse of sensitive personal information, including medical records and financial data.
Amidst the fallout from the massive healthcare data breach, UnitedHealth’s CEO Andrew Witty, who pocketed a staggering $21 million in total compensation for the full year of 2022, is scheduled to face questioning from House lawmakers on May 1st. Witty’s multi-million dollar pay package is likely to come under scrutiny, given the company’s failure to adequately protect the sensitive medical data of millions of Americans entrusted to its care.